Introduction
These GDPR Compliance Terms and Conditions ("Terms") govern the processing of personal data on
Central LMS by the General Data Protection Regulation (GDPR). By accessing or using our Service, you agree
to comply with these Terms.
Data Controller
Central LMS referred to as "the Company," "We," "Us," or "Our" in this document, acts as the Data Controller under the GDPR. We are responsible for determining the purposes and means of processing Personal Data collected through the Service.
Lawful Basis for Processing
We process Personal Data based on one or more lawful bases permitted by the GDPR, including but not limited to:
- Consent: Where the data subject has given consent to the processing of their Personal Data for one or more specific purposes.
- Contractual necessity: Where processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject before entering into a contract.
- Legal obligation: Where processing is necessary for compliance with a legal obligation to which the Company is subject.
- Legitimate interests: Where processing is necessary for the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data.
Rights of Data Subjects
Under the GDPR, data subjects have the following rights regarding their Data:
- Right to information: Data subjects have the right to be informed about the collection and use of their Data.
- Right of access: Data subjects have the right to access their Data and receive information about how it is processed.
- Right to rectification: Data subjects have the right to request the correction of inaccurate or incomplete Personal Data.
- Right to erasure: Data subjects have the right to request the deletion or removal of their Data under certain circumstances.
- Right to restriction of processing: Data subjects have the right to limit the processing of their Data under certain conditions.
- Right to data portability: Data subjects have the right to receive their Data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
- Right to object: Data subjects have the right to object to the processing of their Data in certain situations.
- Rights about automated decision-making and profiling: Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
Data Protection Officer
The Company has appointed a Data Protection Officer (DPO) to oversee compliance with the GDPR and to address any questions or concerns regarding data protection practices. The DPO can be contacted at [insert contact information].
Data Processing Agreements
The Company ensures that any third-party service providers processing Personal Data on behalf of the Company comply with the requirements of the GDPR. Data Processing Agreements are established with such service providers to ensure the lawful and secure processing of Personal Data.
Security Measures
The Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage of Personal Data.
Data Breach Notification
In the event of a personal data breach, the Company will notify the appropriate supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.
International Data Transfers
The Company ensures that any transfer of Personal Data outside the European Economic Area (EEA) is done in compliance with the GDPR requirements, including the use of appropriate safeguards such as Standard Contractual Clauses or Binding Corporate Rules.
Data Retention
Where consent is relied upon as the lawful basis for processing Personal Data, the Company ensures that such consent is freely given, specific, informed, and unambiguous. Data subjects have the right to withdraw consent at any time.
Consent
Personal Data will be retained only for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements. Data subjects will be informed of the retention periods applicable to their Data.
Updates to Privacy Policy
The Company reserves the right to update or modify these GDPR Compliance Terms and Conditions at any time. Any changes will be effective immediately upon posting the revised version of the Service. Data subjects are encouraged to review these Terms periodically for any changes.
By continuing to access or use the Service after any revisions become effective, data subjects agree to be bound by the updated Terms.
Contact Information
If you have any questions or concerns about these GDPR Compliance Terms and Conditions or our data protection practices, please contact our Data Protection Officer at [insert contact information].
Agreement
By accessing or using Central LMS, data subjects acknowledge that they have read, understood, and agreed to comply with these GDPR Compliance Terms and Conditions. Failure to comply with these Terms may result in disciplinary action, including but not limited to termination of access to the Service.